Resubmissions
07-06-2023 18:43
230607-xdcwxaed79 10
General
Target
1192-56-0x0000000004AE0000-0x0000000004B20000-memory.dmp
Size
256KB
MD5
b3f97126dcf06e88c481daef03df99a5
SHA1
d987b63d534c0c3e210310e31e46309e6c02182b
SHA256
d0c91dd8a27e1defe4d61e303cd1db162a30339111878ec3380915e98786a7ea
SHA512
322efbcbc763e79bb12ba00752590e00d407ab0da122c498bfb3fe62062c1aab5834d2a87841cfb6e287119ab0cf26007ff6de5988eda3657498340727e80219
SSDEEP
3072:y8e8hZJ646gJBO0y6RbAxNjgOqFra6lD8e8hZ:yipe+oara6lD
Malware Config
Signatures
RedLine payload 1 IoCs
resource: sample, yara_rule: family_redline
Redline family
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource: 1192-56-0x0000000004AE0000-0x0000000004B20000-memory.dmp
Files
1192-56-0x0000000004AE0000-0x0000000004B20000-memory.dmp.dll windows x86
dae02f32a21e03ce65412f6e56942daa
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorDllMain
Sections
.text Size: 512B - Virtual size: 420B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ